Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build-image enhancements #191

Open
wants to merge 15 commits into
base: master
Choose a base branch
from
Open

build-image enhancements #191

wants to merge 15 commits into from

Conversation

phlogistonjohn
Copy link
Collaborator

New features for hack/build-image:

  • A --archive option for writing image bundles to a given directory
  • A --load option for reading image bundles from a given directory
  • A new --combined option that will create and manage image indexes (manifests)
  • Ability to disable unqualified tag names with --no-unqualified

This is fairly large group of changes to prepare the build-image script for multi-arch management.
It tries to enable new workflows such as building images on disparate hosts with varying architectures, sharing those builds with --archive and gathering them with --load, before pushing them with --combined to create multi-arch indexes.

One workflow example goes a bit like:

# on builder node 1 (amd64)
# build an amd64 samba server image and then save it to a shared archive dir
$ ./hack/build-image  -i quay.io/phlogistonjohn/samba-server:default-fedora-amd64 --image-condition=rebuild  --archive=image_archive

# on builder node 2 (arm64)
# build an arm64 samba server image and then save it to a shared archive dir
$ ./hack/build-image  -i quay.io/phlogistonjohn/samba-server:default-fedora-arm64 --image-condition=rebuild  --archive=image_archive

# on builder node 3 (arbitrary)
# list contents of shared archive dir
$ ls image_archive
samba-server.default-fedora-amd64.tar  samba-server.default-fedora-arm64.tar
# import images from shared archive dir
./hack/build-image -i quay.io/phlogistonjohn/samba-server:default-fedora-amd64  -i quay.io/phlogistonjohn/samba-server:default-fedora-arm64 --load=image_archive

# automatically create image indexes (manifests) and push the FQINs and indexes to quay.io
./hack/build-image -i quay.io/phlogistonjohn/samba-server:default-fedora-amd64  -i quay.io/phlogistonjohn/samba-server:default-fedora-arm64 --combined --push --push-selected-tags=mixed  --push-state=auto-index

@phlogistonjohn
Copy link
Collaborator Author

Example of the manifests pushed by this script at https://quay.io/repository/phlogistonjohn/samba-server?tab=tags

anoopcs9
anoopcs9 reviewed Jan 9, 2025
View reviewed changes
Copy link
Collaborator

@anoopcs9 anoopcs9 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Few comments on commits excluding hack/build-image: add --combined option for building indexes.

hack/build-image Show resolved Hide resolved
hack/build-image Show resolved Hide resolved
hack/build-image Outdated Show resolved Hide resolved
hack/build-image Show resolved Hide resolved
@phlogistonjohn
gitignore: generalize the .build files ignore rule
7dd45ad 
Signed-off-by: John Mulligan <[email protected]>
@phlogistonjohn
hack/build-image: apply black style formatting
98fe5cf 
Some `black` and `flake8` fixes.

Signed-off-by: John Mulligan <[email protected]>
@phlogistonjohn
hack/build-image: use constants already defined in the code
0cb61df 
Signed-off-by: John Mulligan <[email protected]>
@phlogistonjohn
hack/build-image: don't call same function many times
55e970a 
Don't call the same function many times when that function's value is
never expected to change at this scope.

Signed-off-by: John Mulligan <[email protected]>
@phlogistonjohn
hack/build-image: remove unnecessary uses of lambda
63ea608 
I find lambda to be a bit of an unpleasant thing and try to remove it
when possible. Since all uses of lambda in this code are calling
the same function we can remove the function (and unchanging) argument
and have the variable section map to the run function's remaining
kwargs.

Signed-off-by: John Mulligan <[email protected]>
@phlogistonjohn
hack/build-image: add --archive action
18535a2 
Add an --archive=LOCATION command line argument that is somewhat like
push but instead uses the archive tarballs. This could be use in a
situation where you are building on a fast machine or different
arch than the machine you will ultimately be pushing from.

Signed-off-by: John Mulligan <[email protected]>
@phlogistonjohn
hack/build-image: add --load action
8f5598e 
Add a --load=LOCATION command line argument that mirrors the new
--archive command but imports images from the archive dir.

This could be used in a situation where you are building images on
one machine but then need to update or push images from a different
machine.

Signed-off-by: John Mulligan <[email protected]>
@phlogistonjohn
hack/build-image: add _split_img method
9fc6bbe 
Split the existing function used to break up a container name into
parts into a smaller reusable function.

Signed-off-by: John Mulligan <[email protected]>
@phlogistonjohn
hack/build-image: add --combined option for building indexes
4ce5ebe 
Indexes (aka manifests) allow for images to be built for different
architectures and the associated with one tag (or set of shared tags).

The build script enables indexes/manifests when supplied with the
--combined flag.

The `build` function is changed a bit and no longer always builds an
image. If the image is already present locally, the build will be
skipped - this is done because (re)building an image of a different
architecture can be very slow. This new behavior tries to avoid costly
unintentional rebuilds. A future change will add a new command to
force a rebuild.

Signed-off-by: John Mulligan <[email protected]>
@phlogistonjohn
hack/build-image: add rebuild command
a7d8204 
Add a --rebuild command to force building of images that already exist
in local storage.

Signed-off-by: John Mulligan <[email protected]>
@phlogistonjohn
hack/build-image: container index/manifest push fixes
508f51a 
Fix/improve the behavior of the script when --push is combined with
--combined.

Signed-off-by: John Mulligan <[email protected]>
@phlogistonjohn
hack/build-image: clean up logic around auto-building on push & archive
997aa74 
The description of `exists` didn't match the code and now we can extend
and clean things up in the presence of indexes.

Signed-off-by: John Mulligan <[email protected]>
@phlogistonjohn
hack/build-image: disable archive command for indexes
dd7ae74 
Ignore index targets if `--combined` is passed along with
`--archive=<dir>`.

Signed-off-by: John Mulligan <[email protected]>
@phlogistonjohn
hack/build-image: option to create images without unqualified tags
0ca5d8d 
Allow the script to skip creating unqualified tags on images (like
'nightly' or 'latest').

Signed-off-by: John Mulligan <[email protected]>
@phlogistonjohn
hack/build-image: workaround weird podman manifest push issue
df64528 
Signed-off-by: John Mulligan <[email protected]>
@phlogistonjohn phlogistonjohn marked this pull request as ready for review January 13, 2025 18:19
anoopcs9
anoopcs9 reviewed Jan 14, 2025
View reviewed changes
hack/build-image
Comment on lines +298 to +302
# apply additional tag names
for tname in target.all_names(baseless=cli.without_repo_bases):
tag_args = [eng, "tag", target.image_name(), tname]
if target.image_name() != tname:
run(cli, tag_args, check=True)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As per your example from description, is this the place which decides on the tag under which manifests are grouped? In the light of your example how do we arrive at the tag name default-fedora?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not really, that is now handled by the BuildRequest class - in particular the _expand_special_tags (and add_special_tags) and _build_indexes methods.

The tag default-fedora for an image is considered a distro qualified tag. For an index it's the fully qualified tag (as the arch belongs w/in the index). The fully qualified tags are determined when each target class is constructed. So if you pass --combined, we walk through the list of requested images and if FQINs exist we'll derive the index tags from those (in _build_indexes and TargetIndex.from_image).

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not really, that is now handled by the BuildRequest class - in particular the _expand_special_tags (and add_special_tags) and _build_indexes methods.

Ok.

The tag default-fedora for an image is considered a distro qualified tag. For an index it's the fully qualified tag (as the arch belongs w/in the index). The fully qualified tags are determined when each target class is constructed. So if you pass --combined, we walk through the list of requested images and if FQINs exist we'll derive the index tags from those (in _build_indexes and TargetIndex.from_image).

But isn't default-fedora different from what we had earlier categorized as distro qualified tag? add_special_tags() used to create fedora-latest for default package source and fedora-nightly for nightly package source as distro qualified tags. With this change tag_name() kind of reverses the tag name parts and doesn't use latest for default package source.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm probably not explaining it very well. I request that you please try it out in practice rather than me going back and forth trying to poorly explain it. If you think something is wrong, please do speak up, but I fear the more I try to explain the code rather than just read it - I will confuse things more.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I went through the steps to create samba-server:default-fedora-amd64 and samba-server:default-fedora-arm64:

. . .
Successfully tagged localhost/samba-server:fedora-latest
Successfully tagged localhost/samba-server:default-fedora-amd64
Successfully tagged quay.io/samba.org/samba-server:fedora-latest
Successfully tagged quay.io/samba.org/samba-server:latest
Successfully tagged quay.io/samba.org/samba-server:default-fedora-amd64
46c6d74fa62c487e96f1c3685e453539b8771d722378b6a34731c4c4351ec4bf
. . .
Successfully tagged localhost/samba-server:fedora-latest
Successfully tagged localhost/samba-server:default-fedora-arm64
Successfully tagged quay.io/samba.org/samba-server:fedora-latest
Successfully tagged quay.io/samba.org/samba-server:latest
Successfully tagged quay.io/samba.org/samba-server:default-fedora-arm64
480500c271df8b226022ab125eff1f4bd8e0d6985c147a38ea6531ec5eb80494
. . .

and then executed the following command:

$ hack/build-image -i quay.io/anoopcs/samba-server:default-fedora-arm64 -i quay.io/anoopcs/samba-server:default-fedora-amd64 --combined --push --push-selected-tags=mixed --push-state=auto-index

The above command resulted in two different tags with 2 manifests each as follows:

$ podman image ls | grep anoopcs
quay.io/anoopcs/samba-server                  default-fedora          20191b9fb0da  6 minutes ago   1.05 kB
quay.io/anoopcs/samba-server                  latest                  20191b9fb0da  6 minutes ago   1.05 kB
quay.io/anoopcs/samba-server                  default-fedora-amd64    46c6d74fa62c  56 minutes ago  472 MB
quay.io/anoopcs/samba-server                  default-fedora-arm64    480500c271df  57 minutes ago  581 MB

Earlier we created the distro qualified tag as fedora-latest and now it gets tagged as default-fedora. I hope this new naming happens within tag_names().

anoopcs9
anoopcs9 reviewed Jan 15, 2025
View reviewed changes
hack/build-image
Comment on lines +298 to +302
# apply additional tag names
for tname in target.all_names(baseless=cli.without_repo_bases):
tag_args = [eng, "tag", target.image_name(), tname]
if target.image_name() != tname:
run(cli, tag_args, check=True)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not really, that is now handled by the BuildRequest class - in particular the _expand_special_tags (and add_special_tags) and _build_indexes methods.

Ok.

The tag default-fedora for an image is considered a distro qualified tag. For an index it's the fully qualified tag (as the arch belongs w/in the index). The fully qualified tags are determined when each target class is constructed. So if you pass --combined, we walk through the list of requested images and if FQINs exist we'll derive the index tags from those (in _build_indexes and TargetIndex.from_image).

But isn't default-fedora different from what we had earlier categorized as distro qualified tag? add_special_tags() used to create fedora-latest for default package source and fedora-nightly for nightly package source as distro qualified tags. With this change tag_name() kind of reverses the tag name parts and doesn't use latest for default package source.

hack/build-image Show resolved Hide resolved
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anoopcs9 anoopcs9 anoopcs9 left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
priority-review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@phlogistonjohn @anoopcs9